Setting Up A Domain Controller
Description: Follow these steps to set up a Domain Controller using Windows Server 2008. Note that the options listed here are customer specific; many networks will differ from this.

To Resolve:

1. First answer key questions: Will they benefit? Is it practical? Who will support it? If a network has over 20 computers, it's highly recommended. It's also a good idea if you have multiple locations that need to access a single database.

2. Once that is complete, the first thing to do is rename the computer to something familiar like "DC01" or "Server".

3. Set a static IP address.

4. In this example, I am going to install the "DHCP", "DNS", "Remote Desktop Services", and "Active Directory Domain Services" roles on the server. Start - Server Manager - Install Roles. It makes this easy with step-by-step windows for each role; make sure to go in order.

5. See "Setting Up A RDP Server In Server 08" for a more specific walkthrough of the Remote Desktop Services role, but here are some key points.

6. On installing RDP: Remote Desktop Session Host, Licensing requires NLA (Network Level Authentication) - always enable it for newer networks; for XP networks, don't enable this. Most licenses will be "per user".

7. Installing DHCP: If the DC is going to be a DHCP server, you need to disable DHCP on the router or look for a "forward to DC" setting.
   Parent Domain = Domain Name (.local)
   Primary - Static IP of the DC
   Secondary - Router IP Address
   Configure scope page - You can add DHCP ranges - 8 days for wired / 8 hours for wireless

8. Everything else is default. Reboot the computer.

9. After reboot, go to "Server Manager" - Roles - Active Directory - Install, and then run "DC Promo" if it does not start automatically.
   Functional Level - Needs to match the network's operating systems. If it is an XP office, select 2003; if Windows 7, select Server 08r2 or whatever OS the server is.
   When installing AD, Windows creates a folder in the directory "C:\Windows\SYSVOL" which contains the bulk of the AD info and is shared out automatically. After this, it will ask where to install the "Log, Database, and SYSVOL" folders. Keep the defaults unless it's a large setup, like a forest, where you would select different paths.
   Next it will ask for a password in case you need to restore AD to a previous time in Windows Restore - use the "Domain Administrator" password.

10. AD is now installed. The next step is to configure users. A key note here is that copying a user creates a new user with the same policies and groups attached as the user copied. MAKE A HABIT OF COPYING USER ACCOUNTS INSTEAD OF CREATING NEW ONES.
   Creating a group - In the left column, select "Builtin" under your domain name - Right click - New - Group - Create a group name - then add users by going to Users, selecting multiple users, and adding them to the group. You can also select other groups and go to Properties - Members - and add your custom group to theirs.

11. Now you can configure policies for the domain. Start - Group Policy Management - create new policies and configure them. There will be a section on this later on.

12. The domain is officially set up. You need to go to all computers and add them to the domain. You also need to go to their network connections (ncpa.cpl - IPv4 Properties), make sure the primary DNS is pointing to the Domain Controller, and leave the secondary DNS blank.

13. Another note: if you install the "Application" role, there is a specific way to install client-server programs. Go to Control Panel, select "Install Applications on Remote Desktop", and select an installer file. Notice that in this dialog you can change the path to UNC paths if needed.

To Demote a Domain to A Workgroup:

1. For workstations: Just take the workstation off the domain and reboot. You do this via sysdm.cpl - "Change" to a workgroup.

2. On the Domain Controller: Run - dcpromo - Follow the prompts and remove the computer from the domain. Note that the Small Business Server OS has to be on a domain, but you can still authenticate with users on a workgroup through local account authentication.
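
The settings from steps 6 and 12 can be verified after the join. The script below is an added example, not part of the original article: it checks on the local machine that it is domain-joined, that the DC is its only DNS server, and that the RDP listener requires NLA. The DC address 192.168.1.10 and the function names are assumptions made for illustration.

```powershell
# Added example: audits steps 6 and 12 on the local machine. It uses
# Get-WmiObject so that it also runs under PowerShell 2.0.
# The default $DcIp is a constructed placeholder; pass the DC's static IP.
param([string]$DcIp = '192.168.1.10')

function New-Finding($Check, $Target, $Result) {
    New-Object PSObject -Property @{ Check = $Check; Target = $Target; Result = $Result }
}

function Test-DnsOrder {
    # Step 12: the primary DNS must be the DC and the secondary must be blank.
    param([string[]]$SearchOrder, [string]$DcIp)
    if (-not $SearchOrder) { return 'FAIL: no DNS server configured' }
    if ($SearchOrder[0] -ne $DcIp) { return "FAIL: primary DNS is $($SearchOrder[0]), expected $DcIp" }
    if ($SearchOrder.Count -gt 1) { return "FAIL: secondary DNS is set: $($SearchOrder[1])" }
    return 'OK: DC is the only DNS server'
}

function Get-DomainJoinAudit {
    param([string]$DcIp)

    # Domain membership (step 12: the computer was added to the domain).
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    $membership = if ($cs.PartOfDomain) { "OK: member of $($cs.Domain)" } else { 'FAIL: workgroup member' }
    New-Finding 'Domain membership' $cs.Name $membership

    # DNS server order on every IP-enabled adapter (step 12).
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            New-Finding 'DNS order' $_.Description (Test-DnsOrder -SearchOrder $_.DNSServerSearchOrder -DcIp $DcIp)
        }

    # NLA on the RDP listener (step 6). UserAuthenticationRequired = 1 means NLA is enforced.
    $ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' -Class Win32_TSGeneralSetting `
        -Filter "TerminalName = 'RDP-Tcp'" -Authentication PacketPrivacy -ErrorAction SilentlyContinue
    $nla = if (-not $ts) {
        'SKIP: RDP-Tcp listener setting not readable'
    } elseif ($ts.UserAuthenticationRequired -eq 1) {
        'OK: NLA required'
    } else {
        'WARN: NLA not required (expected only on XP networks)'
    }
    New-Finding 'RDP NLA' $env:COMPUTERNAME $nla
}

Get-DomainJoinAudit -DcIp $DcIp | Select-Object Check, Target, Result | Format-Table -AutoSize -Wrap
```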